Meta AI Models Cracked Open With Exposed API Tokens

Researchers recently were able to get full read and write access to Meta's Bloom, Meta-Llama, and Pythia large language model repositories in a troubling demonstration of the supply chain risks to organizations using these repositories to integrate LLM capabilities into their applications and operations.
The access would have allowed an adversary to silently poison training data in these widely used LLMs, steal models and data sets, and potentially execute other malicious activities that would heighten security risks for millions of downstream users.
Exposed Tokens on Hugging Face

That's according to researchers at AI security startup Lasso who were able to access the Meta-owned model repositories using unsecured API access tokens they discovered on GitHub and the Hugging Face platform for LLM developers.
The tokens they discovered for the Meta platforms were among over 1,500 similar tokens they found on Hugging Face and GitHub that provided them with varying degrees of access to repositories belonging to a total of 722 other organizations.
Hugging Face is a platform that many LLM professionals use as a source for tools and other resources for LLM projects.
The company's main offerings include Transformers, an open source library that offers APIs and tools for downloading and tuning pretrained models.
The company hosts - in GitHub-like fashion - more than 500,000 AI models and 250,000 data sets, including those from Meta, Google, Microsoft, and VMware.
It lets users post their own models and data sets to the platform and to access those from others for free via a Hugging Face API. The company has raised some $235 million so far from investors that include Google and Nvidia.
As part of the exercise, in November 2023 the researchers tried to see if they could find exposed API tokens that they could use to access data sets and models on Hugging Face.
They scanned for exposed API tokens on GitHub and on Hugging Face.
With a small tweak to the scanning process, the researchers were successful in finding a relatively large number of exposed tokens, says Lanyado, one of the Lasso researchers.
Lasso researchers were able to access tokens belonging to several top technology companies - including those with a high level of security - and gain full control over some of them, Lanyado says.
Lasso security researchers found a total of 1,976 tokens across both GitHub and Hugging Face, 1,681 of which turned out to be valid and usable.
As many as 655 of the tokens that Lasso discovered had write permissions on Hugging Face.
The researchers also found tokens that granted them full access to 77 organizations using Meta-Llama, Pythia, and Bloom.
An attacker with write privileges could replace the existing models with malicious ones or create an entirely new malicious model in their name.
According to Lanyado, Lasso researchers found several tokens associated with Meta, one of which had write permissions to Meta Llama, and two each with write permissions to Pythia and Bloom.
The API tokens associated with Microsoft and VMware had read-only privileges, but they allowed Lasso researchers to view all of their private data sets and models, he says.
Lasso disclosed its findings to all impacted users and organizations with a recommendation to revoke their exposed tokens and delete them from their respective repositories.
The security vendor also notified Hugging Face about the issue.
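The two practical takeaways from the story are that hard-coded tokens can be found by scanning repository contents, and that the fix is to revoke each exposed token and remove every copy of it from the repository. The following is an added example (not code from the article, from Lasso, or from Hugging Face) of a small pre-commit or CI-style scanner a team could run against its own repositories before pushing: it flags candidate tokens, redacts them for the report, and groups findings by distinct token so each secret is revoked once and every location is cleaned. The token formats (an `hf_` prefix for Hugging Face user access tokens, a `ghp_` prefix for classic GitHub personal access tokens) and the sample repository files are assumptions constructed for the example, not real tokens.

```python
import re
from collections import defaultdict

# Assumed token shapes (not an official specification): Hugging Face user access
# tokens start with "hf_" and classic GitHub personal access tokens with "ghp_",
# each followed by a long run of alphanumerics. The minimum length keeps short
# identifiers such as the hf_hub_download function name from matching.
PATTERNS = {
    "huggingface": re.compile(r"\bhf_[A-Za-z0-9]{30,}\b"),
    "github": re.compile(r"\bghp_[A-Za-z0-9]{30,}\b"),
}


def redact(token: str) -> str:
    """Keep just enough of a token to identify it in a report without reproducing it."""
    return f"{token[:6]}...{token[-4:]}"


def scan_text(path: str, text: str) -> list:
    """Return one finding per token occurrence in a single file's contents."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in PATTERNS.items():
            for match in pattern.finditer(line):
                findings.append(
                    {"path": path, "line": lineno, "kind": kind, "token": match.group(0)}
                )
    return findings


def scan_files(files: dict) -> list:
    """Scan a mapping of path -> file contents (e.g. the staged files in a commit)."""
    findings = []
    for path, text in files.items():
        findings.extend(scan_text(path, text))
    return findings


def triage(findings: list) -> dict:
    """Group locations by distinct token: one revocation per token, one cleanup per location."""
    by_token = defaultdict(list)
    for finding in findings:
        by_token[finding["token"]].append((finding["path"], finding["line"]))
    return {redact(token): sorted(locs) for token, locs in by_token.items()}


def exit_code(files: dict) -> int:
    """Non-zero when any candidate token is present, so a hook or CI job can block the push."""
    return 1 if scan_files(files) else 0


# Constructed sample repository contents; the tokens are placeholders, not real credentials.
LEAKED_HF = "hf_" + "A" * 34
SECOND_HF = "hf_" + "B" * 34
LEAKED_GH = "ghp_" + "C" * 36

SAMPLE_FILES = {
    "train.py": (
        "from huggingface_hub import hf_hub_download, login\n"
        "# hard-coded credential: the kind of line a scan of a public repo picks up\n"
        f'login(token="{LEAKED_HF}")\n'
    ),
    ".env": f"HF_TOKEN={LEAKED_HF}\nGITHUB_TOKEN={LEAKED_GH}\n",
    "eval.py": f'api = HfApi(token="{SECOND_HF}")\n',
    "README.md": "Set HF_TOKEN in your environment; never commit it.\n",
}

if __name__ == "__main__":
    report = triage(scan_files(SAMPLE_FILES))
    for redacted, locations in report.items():
        print(f"revoke {redacted}; remove it from: {locations}")
    raise SystemExit(exit_code(SAMPLE_FILES))
```

Grouping by token matters because the same credential usually appears in more than one place (a script, a `.env` file, a notebook export); revoking it once is sufficient, but every copy has to leave the repository and its history, otherwise the token stays discoverable exactly as the researchers found them.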


This Cyber News was published on www.darkreading.com. Publication date: Mon, 04 Dec 2023 21:50:31 +0000

